ClawHub

feishu-lark-cli

v1.0.0

飞书即时通讯:收发消息和管理群聊。发送和回复消息、搜索聊天记录、管理群聊成员、上传下载图片和文件、管理表情回复。当用户需要发消息、查看或搜索聊天记录、下载聊天中的文件、查看群成员时使用。

0· 51·0 current·0 all-time
by@roy-oss1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description map directly to lark-cli IM features (send/reply/search/download/manage chats). The only required binary is lark-cli and the install spec installs @larksuite/cli which creates the lark-cli binary — this is proportionate and expected.
Instruction Scope
SKILL.md contains detailed, purpose-scoped instructions for using lark-cli (APIs, shortcuts, safety prompts for sending messages). It repeatedly instructs the agent to read ../lark-shared/SKILL.md for authentication and permission handling — that referenced shared file is not included in this bundle, so the runtime instructions depend on an external document you should inspect to confirm authentication handling and any extra I/O.
Install Mechanism
Install uses an npm package @larksuite/cli to provide the lark-cli binary. This is a standard registry install for a CLI wrapper and consistent with the described behavior. (Note: npm packages carry typical supply-chain risk; verify the package and publisher if you need high assurance.)
Credentials
The skill declares no required env vars or config paths, which is consistent because lark-cli typically uses its own auth flow. However, the missing ../lark-shared/SKILL.md probably contains authentication/permission instructions and may describe how tokens are acquired/stored — review it to confirm no unexpected credential requirements or config path access are implied.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not request system-wide config paths or persistently elevated privileges. Installing the npm package will produce the lark-cli binary (expected). No evidence it modifies other skills or global agent settings.
Assessment
This skill appears to be a coherent wrapper for the official Lark CLI. Before installing: (1) inspect the referenced ../lark-shared/SKILL.md (authentication/permission handling) — it wasn't included here; (2) verify the npm package (@larksuite/cli) and its publisher on the npm registry and GitHub homepage to ensure it is the official package; (3) expect lark-cli to require you to run an auth/login flow (it should not ask the skill for unrelated cloud credentials); and (4) if you need a higher assurance, review the shared auth doc and the package source code to confirm how tokens are stored and whether any background services or network endpoints beyond Lark's APIs are contacted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c2t4w12e42h8111x4kja59584f4fz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💬 Clawdis
Binslark-cli

Install

Install lark-cli (npm)
Bins: lark-cli
npm i -g @larksuite/cli

Comments